Sunday, March 31, 2013

75 Open Source Apps To Replace Popular Security Software

Hackers seem to be successfully attacking almost everyone
these days. Already this year, the news has included high-profile
cyberattacks targeting Facebook, Microsoft, Apple, Chase, Evernote, The Federal Reserve, Twitter, The Wall Street Journal, Bloomberg, Reuters, The New York Times and other companies.
While no security software can provide complete protection from every
cyberattack, the open source community has developed a variety of tools
that home users, small businesses and enterprises can use to improve
their security profile. Many of these open source projects are of a very
high quality—in fact, many have won awards and some have been
incorporated into commercial applications.
Below and on the following pages, we've collected some of the best of
these open source security applications and listed them with similar
commercial software to provide a general idea of their capabilities. We
update this list about once a year. For 2013, we extended it
significantly, as well as updating information on tools we've already
covered and eliminating some of the tools that are no longer regularly
patched.
As always, if you know of additional open source security tools that
you think should be on our list, please note them in the comments
section below.

Anti-Malware

1. ClamAV
Replaces VirusScan Enterprise for Linux
Known as "the de facto standard for mail gateway scanning," ClamAV is
one of the most popular open source security applications available.
The core open source product has been packaged into numerous other
products, including Immunet
a cloud-based version for Windows PCs. Note that the standard version
of ClamAV offers on-demand scanning only and does not scan your system
or incoming content in real-time. Operating System: Linux, but
front-ends and additional versions are available for other OSes.
2. ClamTk
Replaces VirusScan Enterprise for Linux
One of the many front-ends for ClamAV, ClamTk offers an easy-to-use
graphic interface. It's won several awards and is available in numerous
languages. Operating System: Linux.
3. ClamWin Free Antivirus
Replaces Kaspersky Anti-Virus, McAfee AntiVirus Plus, Norton Anti-Virus
More than 600,000 Windows users run this anti-virus software on their
systems. It offers an easy installer, and it integrates with Windows
Explorer and Outlook. As you might guess from the name, it is also based
on ClamAV. Operating System: Windows.

Backup

4. Amanda
Replaces Simpana Backup and Recovery , NetVault, HP StorageWorks EBS
It's website proclaims that Amanda is "the most popular open source
backup and recovery software in the world." It can back up multiple
networked systems to a single tape- or disk-based storage system, and
it's very easy to set up. It comes in a free community version, a paid
enterprise version or as a paid appliance. Operating System: Windows,
Linux, OS X.
5. Areca Backup
Replaces NovaBackup
If you only need to back up a single system, Areca offers an
easy-to-use interface that balances simplicity with flexibility.
Noteworthy features include compression, AES128 and AES256 encryption,
filters and support for incremental, differential, delta and full
backups. Operating System: Windows, Linux.
6. Bacula
Replaces Simpana Backup and Recovery , NetVault, HP StorageWorks EBS
This popular network backup solution was designed for enterprise
users. Those who need commercial support and services can get it through
Bacula Systems. Operating System: Windows, Linux, OS X.
7. Clonezilla
Replaces Norton Ghost
This disk imaging and cloning tool comes in two separate editions.
Clonezilla Live does backup and bare metal recovery for a single system.
Clonezilla SE allows administrators to clone or multi-cast disk images
for forty systems or more at the same time. Operating System: Windows,
Linux, OS X.
8. FOG
Replaces Norton Ghost
Another cloning tool, FOG boasts easy use, centralized
administration, powerful capabilities and scalability that can support
networks with 2 to 20,000 systems. In addition to disk imaging, it also
offers virus scanning, memory testing, disk wiping, testdisk, and file
recovery features. Operating System: Windows, Linux.
9. Partimage
Replaces Norton Ghost, NovaBackup, McAfee Online Backup, Carbonite.com
This backup solution creates an image of a partition or your entire
system, copying only the used portions to save time and space. It can be
used for backup or to copy an image onto many systems. Operating
System: Linux.
10. Redo
Replaces Norton Ghost, NovaBackup, McAfee Online Backup, Carbonite.com
Downloaded more than 750,000 times, Redo claims to be "easiest, most
complete disaster recovery solution available." It runs from a live CD,
so no installation is necessary. It's so fast and easy to use that even
if you erase your entire hard drive, it can get you back up and running
in just ten minutes. Operating System: Linux.

Browser Add-Ons

14. Web of Trust (WOT)
Replaces McAfee SiteAdvisor Plus
According to the counter on its home page, WOT has been downloaded
more than 68 million times. It displays a green, yellow or red "traffic
light" for websites to let you know whether the site has a trusted
reputation or not. It works with all major browsers, including Firefox,
IE, Chrome, Safari and Opera. Operating System: Windows, Linux, OS X.
15. PasswordMaker
Replaces Kaspersky Password Manager, Roboform
Don't keep using the same password over and over! PasswordMaker
creates unique passwords for each service you use. All you have to
remember is one master password and this add-on does the rest for you.
Operating System: Windows, Linux, OS X.

Data Destruction

16. BleachBit
Replaces Easy System Cleaner
BleachBit combines multiple security and privacy functions into a
single utility. It cleans out "junk," like cookies and temporary files,
and it protects your privacy by erasing your history and deleting log
files. It also includes a file "shredder" to help you completely
eliminate all traces of unwanted files. Operating System: Windows,
Linux.
17. Eraser
Replaces BCWipe Enterprise
Like other data "shredding" tools, Eraser completely eliminates all
traces of a file from your drive by overwriting it several times with
random data. The Eraser website suggests you might like to use it to
make sure no one can recover your "passwords, personal information,
classified documents from work, financial records, [or] self-written
poems." Operating System: Windows.
18. Wipe
Replaces BCWipe Enterprise
If you're on Linux, you won't be able to use Eraser, but you will be
able to run Wipe, which offers much the same functionality. The site
also offers a little more technical detail about how secure deletion
works. Operating System: Linux.
19.Darik's Boot and Nuke
Replaces Kill Disk, BCWipe Total WipeOut
If you need to delete an entire drive, DBAN does the job. It's a
great tool to use if you plan to donate or dispose of an old system and
don't want people to be able to access your records from the hard drive.
Operating System: OS Independent.

Email Security/Filtering

22. Scrollout F1
Replaces Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway
Extremely popular, Scrollout F1 incorporates anti-spam, anti-virus
and data loss protection capabilities into a free gateway security
solution. It works with all mail servers, including Microsoft Exchange,
Lotus Domino, Postfix, Exim, Qmail and others. Operating System:
Windows, Linux.
23. ASSP
Replaces Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway
This anti-spam proxy filter claims "When it comes to killing SPAM
nothing is as deadly as an ASSP!" Key features include easy
browser-based setup, support for most SMTP servers, automatic
whitelisting for people you e-mail, early sender validation, virus
filtering (based on ClamAV) and more. Operating System: OS Independent.
24. MailScanner
Replaces Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway
This spam blocker boasts that it has been downloaded more than 1.4
million times (approximately 30,000 times per month) and is currently
used in more than 225 countries. It includes both anti-virus and
anti-spam capabilities, and it is included in many Linux distributions.
Operating System: OS Independent.
25. SpamAssassin
Replaces Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway
An Apache project, this self-proclaimed "powerful #1 open-source spam
filter" has received numerous awards. It utilizes many different local
and network tests to identify spam signatures, and it's easy to add
additional rules if you choose. Operating System: primarily Linux and OS
X, although Windows versions are available.
26. SpamBayes
Replaces Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway
This spam filter uses mathematical algorithms and your previous
behavior to determine the probability that messages are spam or "ham,"
and then it sorts them into the appropriate folders. It comes in
multiple versions, including an Outlook plug-in. Operating System: OS
Independent.
27. P3Scan
Replaces VirusScan Enterprise for Linux
This transparent proxy filter scans e-mail and attachments for spam,
viruses, worm, Trojans and other malicious code. You can use it alone or
alongside other anti-malware or anti-spam applications. Operating
System: Linux.

Encryption

28. AxCrypt
Replaces Symantec Encryption, Folder Lock, SensiGuard, CryptoForge
More than 2.7 million users have downloaded and registered this open
source encryption solution. It integrates into the Windows Explorer
(right-click to encrypt, double-click to decrypt) and also supports
cloud storage services like DropBox, Live Mesh, SkyDrive and Box.net.
Operating System: Windows.
29. Gnu Privacy Guard
Replaces Symantec Email Gateway Solution (PGP)
Gnu's email encryption solution supports multiple encryption
algorithms and offers good key management features. It's a command-line
tool for Linux only, but other projects have created front ends and
ported it to other operating systems. Operating System: Linux.
30. GPGTools
Replaces Symantec Email Gateway Solution (PGP)
If you're on a Mac, you might want to try this version of GPG. But
note that the Mountain Lion version is still in preview stage. Operating
System: OS X.
31. gpg4win
Replaces Symantec Email Gateway Solution (PGP)
As the name suggests, this project brings Gnu Privacy Guard to
Windows. It encrypts both files and mail messages, and it features an
easy-to-use interface. Operating System: Windows.
32. PeaZip
Replaces WinZip
This compression and archiving tool also offers encryption and secure
deletion capabilities. It supports more than 150 file formats and
multiple encryption capabilities, plus it comes in 64-bit and portable
versions. Operating System: Windows, Linux.
33. Crypt
Replaces Symantec Encryption, Folder Lock, SensiGuard, CryptoForge
Speed is Crypt's claim to fame. This command-line encryption utility
takes up only 44MB of space, and it can encrypt 30 files (3MB total) in
just 0.7 seconds. Operating System: Windows.
34. NeoCrypt
Replaces Symantec Encryption, Folder Lock, SensiGuard, CryptoForge
NeoCrypt boasts an intuitive interface and "fast, reliable and
unbreakable encryption." Features include support for ten encryption
algorithms, Windows Explorer integration, batch operations and more.
Operating System: Windows.
35. LUKS/cryptsetup
Replaces Symantec Drive Encryption
Linux Unified Key Setup, or LUKS, claims to be "the standard for
Linux hard disk encryption." It encrypts an entire drive or partition at
once and supports multiple passwords for multiple users. Operating
System: Linux.
36. FreeOTFE
Replaces Symantec Drive Encryption
Short for "Free On The Fly Encryption," FreeOTFE creates an encrypted
virtual disk on your system. It supports multiple hash techniques and
encryption algorithms, and it can run from a USB thumb drive. Operating
System: Windows.
37.TrueCrypt
Replaces Symantec Drive Encryption
This very popular disk encryption utility has been downloaded more
than 26 million times. It offers fast performance, thanks to
parallelization and pipelining, and it supports hardware acceleration on
modern processors. Operating System: Windows.

Intrusion Detection

43. Open Source Tripwire
Replaces Tripwire
Tripwire is one of the leading commercial intrusion detection
solutions. Over a decade ago, the company briefly released its flagship
product under an open source license, and development has continued on
that project independent from commercial Tripwire. Both products help to
identify when hackers have broken into networks by monitoring for
changes in your file system. Operating System: Windows, Linux.
44. AFICK
Replaces Tripwire
Another File Integrity Checker, or AFICK for short, works very
similarly to Tripwire. It's very fast and runs from the command line or
the included graphical interface. Operating System: Windows, Linux.

Network Firewalls

45. IPCop
Replaces Barricuda NG Firewall, Check Point Appliances
Most of the open source network firewall projects, including IPCop,
make it possible to create your own Linux-based firewall appliance from
standard PC hardware. This project has a fairly intuitive Web-based
interface and is a good option for small business owners or others with
small networks. Operating System: Linux.
46. Devil-Linux
Replaces Barricuda NG Firewall, Check Point Appliances
More full-featured than many open source network firewalls,
Devil-Linux can function as an application server as well as a
firewall/router. It can also run from a CD or a USB thumb drive.
Operating System: Linux.
47. IPFire
Replaces Barricuda NG Firewall, Check Point Appliances
Designed to meet the needs of everyone from home users all the way up
to large enterprises, IPFire boasts excellent flexibility and regular
security updates. A number of add-ons and commercial support are
avaialable. Operating System: Linux.
48. Turtle Firewall
Replaces Barricuda NG Firewall, Check Point Appliances
Turtle boasts simple, fast configuration of an iptables-based
firewall. It's a good option for fairly technical users, but might be
overwhelming for those with less networking knowledge. Operating System:
Linux.
49. Shorewall
Replaces Barricuda NG Firewall, Check Point Appliances
Also known as "Shoreline Firewall," Shorewall aims to be "the most
flexible and powerful" of the Linux-based firewall options. You can set
it to act as a simple network firewall, as a multi-function
gateway/server/router or to protect an individual system. Operating
System: Linux.
50. Vuurmuur
Replaces Barricuda NG Firewall, Check Point Appliances
This iptables-based firewall boasts "powerful monitoring features"
that allow real-time tracking of logs, connections and bandwidth. Other
features include traffic shaping, an easy-to-use GUI, IPv6 support,
anti-spoofing capabilities and more. Operating System: Linux.
51. m0n0wall
Replaces Barricuda NG Firewall, Check Point Appliances
Unlike most of the other projects on our list, m0n0wall is based on
FreeBSD, not Linux. It can be used with embedded systems from PC Engines
or Soekris Engineering, as well as with standard x86 PCs. Operating
System: FreeBSD.
52. pfSense
Replaces Barricuda NG Firewall, Check Point Appliances
Another BSD-based option, pfSense is a very popular fork of m0n0wall
that has been downloaded millions of times. It claims to offer "most all
the features in expensive commercial firewalls, and more in many
cases." Commercial support is available. Operating System: FreeBSD.
53. Vyatta Network OS
Replaces Cisco products
Vyatta offers software-based networking capabilities, including
enterprise-class routing, firewall and VPN features. In addition to the
free open source version, it also offers paid enterprise versions of the
software, which add more capabilities. Operating System: Linux.

Network Monitoring

54. Wireshark
Replaces OmniPeek, CommView
Wireshark boldly proclaims itself the "world's foremost network
protocol analyzer," and it's a very mature product with loads of
documentation and help available. It performs deep inspection of
hundreds of protocols, live capture, offline analysis and many other
features. Commercial support and services are available through Riverbed Technology. Operating System: Windows, Linux, OS X.
55. tcpdump/libpcap
Replaces OmniPeek, CommView
Together, these two command-line tools offer a complete network
analysis and monitoring solution: tcpdump does packet analysis, while
libpcap does traffic capture. Many of the developers behind Wireshark
are also involved with these projects. Operating System: Linux.
56. WinDump/WinPcap
Replaces OmniPeek, CommView
These two projects port tcpdump and libpcap to Windows. And, like
Wireshark, they are also associated with Riverbed Technology. Operating
System: Windows.

Operating Systems

57. BackTrack Linux
Replaces Windows
Built for penetration testing, BackTrack helps simplify the process
of testing and hardening your networks, whether you're a relative
newcomer to the field or a seasoned professional. It includes a huge
library of penetration testing and security tools, and it can be
installed on a system or run from a Live DVD or USB thumb drive.
58. EnGarde Secure Linux
Replaces Windows
Engarde claims to be "the first truly secure, open source Internet
operating platform." It includes SELinux capabilities, plus intrusion
detection, content filtering and other security features.
59. Liberté Linux
Replaces Windows
Based on Gentoo Linux, Liberté runs from a USB thumb drive, securing
your system and encrypting your messages. The project website says,
"Whether you are a privacy advocate, a dissident, or a sleeper agent,
you are equally likely to find Liberté Linux useful as a
mission-critical communication aid."

60. LPS
Replaces Windows
Created by the U.S. Air Force, the Lightweight Portable Security, or
LPS, Linux distribution can turn any PC or Mac into a secure
communication node. It runs from a CD or USB thumb drive and removes all
traces of your activity when you shut it down.
61. NetSecl
Replaces Windows
A variation of OpenSuse, NetSecl, like BackTrack, was built for use in penetration testing situations.
62. SELinux
Replaces Windows
It's not a full operating system, but the SELinux projects has added
access control capabilities to the Linux kernel. These features are
incorporated into many other Linux distributions, including many of the
most popular, like Red Hat and Fedora.
63. Tails
Replaces Windows
Another privacy-focused Linux distribution, Tails is short for "The
Amnesic Incognito Live System." Like Whonix, it leverages Tor and
Debian, and it uses encryption tools to protect your files and
communications. It runs from a live DVD or USB drive so that you can
protect yourself no matter what system you're on.
64. Whonix
Replaces Windows
Based on Virtual Box, Debian GNU/Linux and Tor, Whonix is designed to
be a fully anonymous operating system that offers exceptional security
and privacy protection. It claims to make IP and DNS leaks impossible.

Password Crackers

65. Ophcrack
Replaces Access Data Password Recovery Toolkit, Passware
Every network admin needs a password cracker in his or her arsenal
for those times when passwords aren't recoverable any other way.
Developed by the people who invented rainbow tables, Ophcrack can use
that method or brute force to find unknown passwords. Operating System:
Windows, Linux.
66. John the Ripper
Replaces Access Data Password Recovery Toolkit, Passware
John the Ripper is a fast password cracker that relies lists of
common passwords in various languages. In addition to the official
community version, it also comes in a community-enhanced version, which
supports many more ciphers and hashing techniques, or a pro version,
which is customized for various OSes and is easier to install and use.
Operating System: Windows, Linux, OS X.
67. PDFCrack
Replaces Access Data Password Recovery Toolkit, Passware
As you might guess from the name, this cracker specifically focuses
on retrieving passwords and content from PDF files. It runs from the
command line and uses both brute force and list-based cracking
techniques. Operating System: Linux, Unix.

Password Management

68. KeePass Password Safe
Replaces Kaspersky Password Manager, RoboForm
Using the same password over and over is asking for trouble. Instead,
try KeePass. It generates strong passwords for you and stores all your
passwords in an encrypted database, so all you have to remember is one
master password. Operating System: Windows.
69. KeePassX
Replaces Kaspersky Password Manager, RoboForm
Originally developed as a Linux fork of KeePass, this password safe
is very similar to the KeePass. It now supports OS X and some versions
of Windows, as well as Linux. Operating System: Windows, Linux, OS X.
70. Password Safe
Replaces Kaspersky Password Manager, RoboForm
This app boasts over a million downloads and very fast installation.
Like KeePass, it remembers your passwords for you and keeps them secure
in an encrypted database. Operating System: Windows.

Secure File Transfer

71. WinSCP
Replaces CuteFTP, FTP Commander
This award-winning utility supports SFTP, FTPS and SCP protocols for
secure file transfer, as well as regular FTP when security isn't
required. It includes two different styles of graphic interface, or it
can run from the command line. Operating System: Windows.
72. FileZilla
Replaces CuteFTP, FTP Commander
Like WinSCP, FileZilla supports all the standard file transfer
protocols. In addition to the multi-platform client version, it also
comes in a Windows-only server version. Operating System: Windows,
Linux, OS X.

Spyware Blocker

73. Nixory
Replaces SpyBot Search and Destroy, AdAware
Whether you use Firefox, Chrome or Internet Explorer, Nixory erases
malicious tracking cookies from your browser. Note that you'll need to
use it alongside other security software because it only erases tracking
cookies and doesn't block viruses or other types of malware. Operating
System: OS Independent.

User Authentication

74. WiKID
Replaces Entrust IdentityGuard, Vasco Digipass, RSA's SecurID
WiKID offers simple, software-based two-factor authentication
solutions for enterprises. In addition to the free community version, it
also comes in a paid enterprise version that includes some proprietary
code. Operating System: OS Independent.

Web Filtering

75. DansGuardian
Replaces McAfee Family ProtectionNetNanny
This network content filtering tool uses phrase matching, PICS
filtering and URL filtering to help block objectionable content.
Recently, a new maintainer took over this project, so it is once again
getting patches and updates. Operating System: Linux, OS X.